e80cd34b19512bd5dd8ca13bc15ccca22d48508388793327fa98be4a1d04faad

Sharing

Copy URL Twitter E-mail

General

Target

Perm_Unban.rar
Size

1.6MB
Sample

240715-tyysbszann
MD5

9a1093a7c043967fc846483c5679ba95
SHA1

ce7108708cbcaf06f5e5dfb9fb27b6df6626aefe
SHA256

e80cd34b19512bd5dd8ca13bc15ccca22d48508388793327fa98be4a1d04faad
SHA512

c6df0b8d642ab126f14e012c2b3554a3ee3a557334281bad3b50901741afb17f9b90e2a3d83eb5647b0c623e920dd9f37fb6179b8d4fdb05d593863b8baec160
SSDEEP

24576:WV3mMVFNLlqq+AeKJJHHPFFZUUUB3dC0XkD671o2AVT/+bVfDi/JvNzzxxYYgXDB:afFtbZY3dC00ko5bOGRFnxCYsseDL

Score

8^/10

Malware Config

Targets

- Target
  
  Perm Unban/GRINX64v2/AMIDEWIN.EXE
- Size
  
  148KB
- MD5
  
  182ec3a59bd847fb1bc3e12a41d48fa6
- SHA1
  
  2f548bceb819d3843827c1e218af6708db447d4b
- SHA256
  
  948dbd2bc128f8dc08267e110020fee3ff5de17cf4aaef89372de29623af96fa
- SHA512
  
  91ecc5a76edc2aea4219f68569b54d3e9fe15c2a30a146edc0d09e713feaa739a5c1e7dbfa97e60828696078d43d1f8fd3466234525b099ed6e614e854ac6c4c
- SSDEEP
  
  1536:tNFrdLFZ7JxIVhlPBo8Upxwpwf+gHkow3SMT4HOw2htj6oANy/ht+vSMoqEcViWw:Pv7JIhlBAKwf+gWCM4OwyWscSMoqtLe
Score

1^/10
behavioral1 behavioral2
- Target
  
  Perm Unban/GRINX64v2/AMIDEWINx64.EXE
- Size
  
  453KB
- MD5
  
  6a6505b2413d2c7b16c6d059448db9e5
- SHA1
  
  dfe6c6b6051c26326a12dc9d0d5701cb4728266c
- SHA256
  
  53e3b72f8eb13acf3cb69d4cb124e8dc64fc541555c3c95cc8003b8046853955
- SHA512
  
  1c0531581f0efe683ab763f6633ace60f0637b22830e7ec551babe19ac777a1a6821dc568bce13a8abee8bfef1c7d9397e0bee1c78c00810c65dadd788dab2a3
- SSDEEP
  
  6144:JIeh4+TOKGuTSuXCJ6AtCoZPhGL/TnJ+z5rsxQhsCI9t/tk7MP:jpPTxXihA+zBhsC2Z
Score

1^/10
behavioral3 behavioral4
- Target
  
  Perm Unban/GRINX64v2/DMI16.EXE
- Size
  
  30KB
- MD5
  
  2a89d4e479351022ab8bd604030a76f3
- SHA1
  
  ad1d39fd38fafaae4d77eed5f1c67f665686736d
- SHA256
  
  28e6e1908f2996af9b7a9930f13d4c770d6963425df0869ce4bcdb1442a4a917
- SHA512
  
  0fb48aaeeedb5a96246ffd80c167f501ff2f5a08cf8d2dbf63373666c6f3394244395e05e49b68fedf02c2a3df75ad6ba4223f0066c350993233cf218da83e43
- SSDEEP
  
  384:d2a1f/coJEQ88t5hDQ8o3wk4YMoURAzMbdLWxrqw8CKn6l3myGWstap/+ZU0KXy+:dLf/NWQltVoV4YfDOWxXd3my/cY
Score

1^/10
behavioral5 behavioral6
- Target
  
  Perm Unban/GRINX64v2/DMIEDIT.EXE
- Size
  
  3.2MB
- MD5
  
  fbaf6262fd84f9966338518d4de46fdd
- SHA1
  
  291d481e3b42029e157e7c60febc8fe67cd50cf1
- SHA256
  
  5d37e5e7ce01549965bf2166adcba33d1e2c4bd2c90711032f3987b58452ce49
- SHA512
  
  5d8cc6e1ab85fae8d9a5ffa83cecc2608b1fbbb28b9e80afe2dc6f7d46b657d489e03f75e42fc147d49313b3a41ad768fd0f320a905cbc41d767c0fc3c3d9d7e
- SSDEEP
  
  49152:VOQ6nNB9ySqeDoVFixOA9DruNebQk9DtTKkuecMC+coEbyxvgg+lV:D6nwNomN1AKku1M2Jfj
Score

1^/10
behavioral7 behavioral8
- Target
  
  Perm Unban/GRINX64v2/UCOREDLL.DLL
- Size
  
  112KB
- MD5
  
  8370f3114924ed6c53741de7a253625a
- SHA1
  
  f7782d51e73526226a89229b4f3625c7ce43f3b3
- SHA256
  
  78a4d8e5e8c33793e5a2020325d3a49e92e4826167742e93179bdacbf167b409
- SHA512
  
  5a13c0fb787366869fac57139fa2ebbd0c34a1bfa76c05ac879da60e534cbac694385f2b6120fdb6c7cf0e62cf4948efbdfde96e695a9d377f44eedb2e1b1398
- SSDEEP
  
  1536:g+FKwswB29BLymvRwRvSpD0pQD61ShZT1Cw4cf0SbtsWFoYc0RkU:g8Vk9ymvyNMO4QqGeyqoLGL
Score

3^/10
behavioral10 behavioral9
- Target
  
  Perm Unban/GRINX64v2/UCORESYS.SYS
- Size
  
  15KB
- MD5
  
  9555d36fb21b993e5c4b98c2fc2b3671
- SHA1
  
  210a98be7da32cea98618c5a9640c23ce518c0ee
- SHA256
  
  fd6f56189cd723b32fc06392867fcd5128e63d8b5801e4f7a83523f820531981
- SHA512
  
  3ec96ba6fca7a4aa45becfef84b23b12c305f34045ac1a15b22745289e33b9326103e853bad698434df772a76515e7e8109fa8724d65f0351ee380c16d888c60
- SSDEEP
  
  384:pp4uPb5yDmnoMXP1oy5KYJLWd6jH9inbjJE:pp4sEmTDLAmH94b6
Score

1^/10
behavioral11 behavioral12
- Target
  
  Perm Unban/GRINX64v2/UCOREW64.SYS
- Size
  
  14KB
- MD5
  
  a17c58c0582ee560c72f60764ed63224
- SHA1
  
  bbc0b9fd67c8f4cefa3d76fcb29ff3cef996b825
- SHA256
  
  a7c8f4faf3cbb088cac7753d81f8ec4c38ccb97cd9da817741f49272e8d01200
- SHA512
  
  a820a3280da690980a9297fe1e62356eba1983356c579d1c7ea8d6f64bc710b11b0a659c5d6b011690863065541f5627c4e3bc13c02087493de7e63d60981063
- SSDEEP
  
  384:q1ykKJX1BIAQ0r1IiFlYJLWd6jH9inbjJ+T:uygG1IiCLAmH94bgT
Score

1^/10
behavioral13 behavioral14
- Target
  
  Perm Unban/GRINX64v2/amifldrv64.sys
- Size
  
  18KB
- MD5
  
  785045f8b25cd2e937ddc6b09debe01a
- SHA1
  
  029c678674f482ababe8bbfdb93152392457109d
- SHA256
  
  37073e42ffa0322500f90cd7e3c8d02c4cdd695d31c77e81560abec20bfb68ba
- SHA512
  
  40bbeb41816146c7172aa3cf27dace538908b7955171968e1cddcd84403b2588e0d8437a3596c2714ccdf4476eefa3d4e61d90ea118982b729f50b03df1104a9
- SSDEEP
  
  384:Cf8OVN6UDYm+b10HMHd6xhxuGZBBfSZsHLPK6jz/cf:CffV8KApCMMxDuIPKgwf
Score

1^/10
behavioral15 behavioral16
- Target
  
  Perm Unban/HardDisk.exe
- Size
  
  636KB
- MD5
  
  c20e96d4e616ce333c19a1c15a1cc137
- SHA1
  
  f79645ec115130ee59958c55a556f564260b7a9e
- SHA256
  
  2c141c06f7df57f11ef2c62f2a96093484a65df47065b1a475c53784af0e2664
- SHA512
  
  519fec9955c4a18e45ec68d9e7dc2bcda74721a6ea088e59e634e26b136bfa15f5efedf8839c036a3cfdcdb9780a2121dc2d71f1fdbbfd3df02d9969e5db753b
- SSDEEP
  
  12288:EN1TNRzUSWgDxPWnP0Lamg+hyMU1EUFT99qpDDcZDDR5Id1888888888888W888H:whNRASWgDxPWnP0LamWYC8EOd
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral17 behavioral18
- Target
  
  Perm Unban/Registry.bat
- Size
  
  159KB
- MD5
  
  82c83643e937e4802178b2762976275d
- SHA1
  
  260befe1c1cb651f60cd5bf067f0d285922ce916
- SHA256
  
  867ebe3a036cdc5c70c2ee267ca4a9124bc717dfb3e73c132dc60a4693a13d24
- SHA512
  
  954e168c4c144d3660a179f1deabb0df521c48a4f635159d65f086b09140f801bbbb912134fab019d9283f575a36f97d3c74067897826a270cceb3f0ff928de9
- SSDEEP
  
  768:R3Slbz5U3/D35lU14IYIXZBMjmgPBpszWQPX4Ir5KYz5U3/D35lU14IYIXZBMjmp:oxXxX
Score

1^/10
behavioral19 behavioral20
- Target
  
  Perm Unban/Reset_ip.bat
- Size
  
  436B
- MD5
  
  8175e46feb5b12012c3780de248d2e72
- SHA1
  
  c79e4373554a9c397c611b6bad04b5743ca53a3d
- SHA256
  
  a11555e1ab7e92eee837f6778cdd41928a13efdc21f8b788abcacbe7bc511255
- SHA512
  
  9dea656e6f36bad77dc1db32d73fb58559447fcc5a67290a2809930540086ee042693e643dea1be4cff4ec6345e0209d99ae840aaa1468a5b2d7fb1a3bb8fff5
Score

8^/10

evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
behavioral21 behavioral22
- Target
  
  Perm Unban/regedit_change.bat
- Size
  
  361KB
- MD5
  
  76612436f2530bdedea29c7b93dac4aa
- SHA1
  
  ef4459e02db59572c48c3534dff5138dd2b80c89
- SHA256
  
  d73f8099a9125b4cf8932de41114ce9a308c5426f95818b385e3160fb442b558
- SHA512
  
  b80c3b2819dc633bb6829cf190f3f6852298a11b36ebaed7170252385096e72e241719a18b46ac4c1c822e961d8ac3e0d195bbba9bcbff754f4314df2b9ab988
- SSDEEP
  
  768:+/zTATLU3fjX5F0VYIYIXuhsDGLPhJMT2Nz5U3/D35lU14IYIXZBMjmgPBpszWQZ:3mzozEzozOd5T6E9
Score

1^/10
behavioral23 behavioral24